Commit Graph

56403 Commits

Author SHA1 Message Date
Fabrice Fontaine
d412539dbc package/dhcpcd: disable privsep on older kernels
Commit e5594f7239 fixed privsep for sh,
or1k, microblaze, xtensa, arc, nds32 and nios2, but failed to take into
account that the audit functionality is only available in recent kernels
on those architectures.

Pass the --disable-privsep configure option if the kernel is too old in
those architectures.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-05 11:18:40 +01:00
Yann E. MORIN
c72be5dd2f package/libopenssl does not support riscv32
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.

Code that directly calls the syscalls without using the C library's
wrappers thus needs to handle this case by itself. That's what
upstream tried to do with:
    5b5e2985f3

We initially carried that patch with 2bb26c1a1d (package/libopenssl:
fix build on riscv32).

However, as Arnd Bergmann puts it [0]:

    The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
    whenever time_t is 64-bit wide on a 32-bit architecture, while
    __NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
    same width as 'long'.

    Checking whether __NR_io_getevents is defined is wrong for all
    architectures other than riscv

And Arnd agrees that patch should be reverted [1] [2] (there are further
comments in that stream, that are worth reading).

As such, we've reverted 2bb26c1a1d with 6cfb4ad7f7.

This means we have no working solution to enable openssl on riscv32 for
now. So, rather than fail the build, or backport a dysfunctional patch,
let's just forbid openssl on riscv32.

Drop the default from the choice selection; it was anyway superfluous:
the default of a choice, if left unspecified, is the first entry of the
choice. Also, having a default means we'd have to also propagate the
dependencies of the defaulted-to symbol, which is yet a little bit more
maintenance. Since the chances we get a third implementation of openssl
are pretty slim (very, very slim), reasoning about what is the default
is still very easy.

When propagating dependencies to tpm2-tss' users, we've tried to keep
the architecture dependency toward the top when possible, and otherwise
we've added it together with existing arch dependencies (MMU).

While at it, drop a useless redundant comment in ibm-sw-tpm2: if we
select FORCE_LIBOPENSSL, it is obvious that's because libressl is not
supported... Besides none of the other users of FORCE_LIBOPENSSL have
such a comment.

Fixes:
    http://autobuild.buildroot.org/results/eb9/eb9a64d4ffae8569b5225083f282cf87ffa7c681/
    ...
    http://autobuild.buildroot.org/results/07e/07e413b24ba8adc9558c80267ce16dda339bf032/

[0] 5b5e2985f3 (commitcomment-44782859)
[1] 5b5e2985f3 (commitcomment-47826509)
[2] 5b5e2985f3 (commitcomment-47830530)

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
2021-03-04 22:53:08 +01:00
Arnout Vandecappelle (Essensium/Mind)
e5594f7239 package/dhcpcd: cherry-pick upstream arch-specific privsep fixes
dhcpcd includes privsep-linux.c which contains platform-specific
definitions for the seccomp fixes. A lot of our architectures were not
supported yet in the 9.4.0 release, but are supported now thanks to
Fabrice Fontaine.

Cherry-pick those patches. All of them affect the same code, but they
are cherry-picked individually to keep the correspondence with upstream.
Slight adjustments had to be made but there were no merge conflicts.

Fixes:
 - http://autobuild.buildroot.org/results/9ed863b3ba5e6e0587a48e619395e5bdb7e9c557
 - http://autobuild.buildroot.org/results/affd2f094084c4f53a324830539d07050b83587e
 - http://autobuild.buildroot.org/results/67f39606054930d307ddd0eb7743f06316d41544

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-04 21:27:07 +01:00
Fabrice Fontaine
5d9fb6a2ae package/gnuchess: security bump to version 6.2.7
Fix CVE-2019-15767: In GNU Chess 6.2.5, there is a stack-based buffer
overflow in the cmd_load function in frontend/cmd.cc via a crafted chess
position in an EPD file.

Update indentation in hash file (two spaces)

https://lists.gnu.org/archive/html/info-gnu-chess/2020-04/msg00000.html
https://lists.gnu.org/archive/html/info-gnu-chess/2020-05/msg00000.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 21:19:45 +01:00
Fabrice Fontaine
183d583fb5 package/sox: fix static build with magic
This build failure is raised since bump to
7524160b29a476f7e87bc14fddf12d349f9a3c5e

Fixes:
 - http://autobuild.buildroot.org/results/d96f27cd96926060046e2e1115777f5bceda3741

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-04 20:40:52 +01:00
Fabrice Fontaine
f007b62cc2 package/kismet: fix build when time_t is defined as long long
On some platforms time_t is defined as long long. At the moment, the
compilation of sqlite3_column_as<time_t>(...) fails on these systems
because the appropriate getter is not defined.

Fixes:
 - http://autobuild.buildroot.org/results/3a76afdbd8b564579bfb08a4d75b438dbd73ac2e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-04 20:39:52 +01:00
Fabrice Fontaine
e9fbb8dccb package/libminiupnpc: add CPE variables
cpe:2.3:a:miniupnp_project:miniupnpc is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminiupnp_project%3Aminiupnpc

Split the _VERSION into the traditional major/minor separation, even
though it is not strictly speaking major/minor. This allows re-using for
the CPE versioning.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - inverse the split: rather than defining _VERSION based on the CPE
    values, split the _VERSION and use that to define the CPE variables
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 20:04:26 +01:00
Fabrice Fontaine
043a23a6b7 package/gnuchess: add CPE variables
cpe:2.3:a:gnu:chess is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Achess

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:55:29 +01:00
Fabrice Fontaine
ac3bbc4e03 package/systemd: add SYSTEMD_CPE_ID_VENDOR
cpe:2.3:a:freedesktop:systemd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Afreedesktop%3Asystemd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:55:29 +01:00
Fabrice Fontaine
f6bbaaa886 package/rabbitmq-server: add CPE variables
cpe:2.3:a:pivotal_software:rabbitmq is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apivotal_software%3Arabbitmq

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:55:29 +01:00
Fabrice Fontaine
93e94bde2d package/harfbuzz: set HARFBUZZ_CPE_ID_VALID
cpe:2.3:a:harfbuzz_project:harfbuzz is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aharfbuzz_project%3Aharfbuzz

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:43 +01:00
Fabrice Fontaine
8cb2f4fd3a package/icu: add CPE variables
cpe:2.3:a:icu-project:international_components_for_unicode is a valid
CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aicu-project%3Ainternational_components_for_unicode

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:42 +01:00
Fabrice Fontaine
5aa8448ed1 package/heimdal: set HEIMDAL_CPE_ID_VALID
cpe:2.3:a:heimdal_project:heimdal is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aheimdal_project%3Aheimdal

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:41 +01:00
Fabrice Fontaine
d282eaebb0 package/minicom: set MINICOM_CPE_ID_VALID
cpe:2.3:a:minicom_project:minicom is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminicom_project%3Aminicom

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:39 +01:00
Fabrice Fontaine
67c06e4710 package/rtmpdump: set RTMPDUMP_CPE_ID_VALID
cpe:2.3:a:rtmpdump_project:rtmpdump is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Artmpdump_project%3Artmpdump

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:38 +01:00
Fabrice Fontaine
48b7f728f5 package/libmicrohttpd: add LIBMICROHTTPD_CPE_ID_VENDOR
cpe:2.3:a:gnu:libmicrohttpd is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Alibmicrohttpd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:37 +01:00
Fabrice Fontaine
da903c2b95 package/libosip2: add CPE variables
cpe:2.3:a:gnu:osip is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Aosip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:36 +01:00
Fabrice Fontaine
30c250eb59 package/iucode-tool: set IUCODE_TOOL_CPE_ID_VALID
cpe:2.3:a:iucode-tool_project:iucode-tool is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aiucode-tool_project%3Aiucode-tool

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:35 +01:00
Fabrice Fontaine
0029c467fe package/lame: set LAME_CPE_ID_VALID
cpe:2.3:a:lame_project:lame is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alame_project%3Alame

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:34 +01:00
Fabrice Fontaine
968418490c package/apr-util: add CPE variables
cpe:2.3:a:apache:portable_runtime_utility is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aapache%3Aportable_runtime_utility

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 19:53:33 +01:00
Fabrice Fontaine
d5a669b999 package/libstrophe: fix tarball hash
Fix hash added by commit 28c7ff0bdb:
https://patchwork.ozlabs.org/project/buildroot/patch/20210104101054.5392-1-jubalh@iodoru.org

Says Michael:

    > ERROR: libstrophe-0.10.1.tar.gz has wrong sha256 hash:
    > ERROR: expected: 4918c47029ecdea2deab4b0f9336ca4a8bb12c28b72b2cec397d98664b94c771
    > ERROR: got     : 5bf0bbc555cb6059008f1b748370d4d2ee1e1fabd3eeab68475263556405ba39
    > ERROR: Incomplete download, or man-in-the-middle (MITM) attack

    I'm sorry about that. We had some disagreement at JasPer and we removed
    an existing tag and created the same tag on a different commit. Thus
    generating a different tarball under the same tag.

    I thought I only did the buildroot update after this, but maybe I
    remember wrong.

While at it, also update indentation in hash file (two spaces)

Fixes:
 - http://autobuild.buildroot.org/results/2f13af96eee20176ccb37ad32ec1472b4c9d6208

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: quote Michael's explanations]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-04 18:33:16 +01:00
Fabrice Fontaine
4c80672767 package/rpcbind: set RPCBIND_CPE_ID_VALID
cpe:2.3:a:rpcbind_project:rpcbind is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arpcbind_project%3Arpcbind

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:14:47 +01:00
Fabrice Fontaine
353395a0a6 package/transmission: add TRANSMISSION_CPE_ID_VENDOR
cpe:2.3:a:transmissionbt:transmission is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atransmissionbt%3Atransmission

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:14:23 +01:00
Fabrice Fontaine
20dbc17704 package/rsync: add RSYNC_CPE_ID_VENDOR
cpe:2.3:a:samba:rsync is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asamba%3Arsync

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:13:58 +01:00
Fabrice Fontaine
4a6ea830a7 package/librsync: set LIBRSYNC_CPE_ID_VALID
cpe:2.3:a:librsync_project:librsync is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibrsync_project%3Alibrsync

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:13:49 +01:00
Fabrice Fontaine
61eff3f988 package/librsvg: add LIBRSVG_CPE_ID_VENDOR
cpe:2.3:a:gnome:librsvg is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Alibrsvg

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:13:29 +01:00
Fabrice Fontaine
e51733c126 package/libpjsip: add CPE variables
cpe:2.3:a:pjsip:pjsip is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apjsip%3Apjsip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:12:21 +01:00
Michael Vetter
28c7ff0bdb package/libstrophe: bump to version 0.10.1
Changes:
* Fixed compilation error when LibreSSL is used
* Fixed crash when NULL is provided as password

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:09:59 +01:00
Fabrice Fontaine
3a6d53c9f0 package/neon: add NEON_CPE_ID_VENDOR
cpe:2.3:a:webdav:neon is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awebdav%3Aneon

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:08:41 +01:00
Fabrice Fontaine
831a1bd299 package/sdl2_image: add SDL2_IMAGE_CPE_ID_VENDOR
cpe:2.3:a:libsdl:sdl2_image is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asdl2_image

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:07:51 +01:00
Fabrice Fontaine
84e239775f package/procps-ng: set PROCPS_NG_CPE_ID_VALID
cpe:2.3:a:procps-ng_project:procps-ng is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprocps-ng_project%3Aprocps-ng

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:07:42 +01:00
Fabrice Fontaine
24b1b6489b package/libvorbis: add LIBVORBIS_CPE_ID_VENDOR
cpe:2.3:a:xiph.org:libvorbis is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Axiph.org%3Alibvorbis

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:06:50 +01:00
Fabrice Fontaine
5743d90008 package/libconfuse: set LIBCONFUSE_CPE_ID_VALID
cpe:2.3:a:libconfuse_project:libconfuse is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibconfuse_project%3Alibconfuse

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:06:35 +01:00
Fabrice Fontaine
ca36994a88 package/libsoup: add LIBSOUP_CPE_ID_VENDOR
cpe:2.3:a:gnome:libsoup is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnome%3Alibsoup

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:06:16 +01:00
Fabrice Fontaine
01024f5612 package/stunnel: add STUNNEL_CPE_ID_VENDOR
cpe:2.3:a:stunnel:stunnel is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Astunnel%3Astunnel

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:05:14 +01:00
Fabrice Fontaine
0b4e8e430d package/sane-backends: set SANE_BACKENDS_CPE_ID_VALID
cpe:2.3:a:sane-backends_project:sane-backends is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asane-backends_project%3Asane-backends

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-04 08:05:00 +01:00
Fabrice Fontaine
cac588d79a package/suricata: bump to version 6.0.2
This release is a bug fix release, fixing numerous important issues:
https://suricata-ids.org/2021/03/02/suricata-6-0-2-and-5-0-6-released/

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 15:01:51 +01:00
Fabrice Fontaine
57cb108af0 package/libhtp: bump to version 0.5.37
https://github.com/OISF/libhtp/releases/tag/0.5.37

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 15:01:44 +01:00
Fabrice Fontaine
ff18652b42 package/libebml: security bump to version 1.4.2
Fix CVE-2021-3405: A flaw was found in libebml before 1.4.2. A heap
overflow bug exists in the implementation of EbmlString::ReadData and
EbmlUnicodeString::ReadData in libebml.

https://github.com/Matroska-Org/libebml/blob/release-1.4.2/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:44:16 +01:00
Fabrice Fontaine
fc151128a9 package/elfutils: set ELFUTILS_CPE_ID_VALID
cpe:2.3:a:elfutils_project:elfutils is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aelfutils_project%3Aelfutils

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:42:46 +01:00
Fabrice Fontaine
20455e4767 package/prosody: add PROSODY_CPE_ID_VENDOR
cpe:2.3:a:prosody:prosody is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprosody%3Aprosody

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:42:33 +01:00
Fabrice Fontaine
608632bfe8 package/netatalk: set NETATALK_CPE_ID_VALID
cpe:2.3:a:netatalk_project:netatalk is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Anetatalk_project%3Anetatalk

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:42:21 +01:00
Fabrice Fontaine
e1d4b088fb package/liburiparser: add CPE variables
cpe:2.3:a:uriparser_project:uriparser is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Auriparser_project%3Auriparser

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:42:00 +01:00
Fabrice Fontaine
e44dcbd953 package/pango: add PANGO_CPE_ID_VENDOR
cpe:2.3:a:pango:pango is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apango%3Apango

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:41:52 +01:00
Fabrice Fontaine
94a331ed1e package/jq: set JQ_CPE_ID_VALID
cpe:2.3:a:jq_project:jq is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajq_project%3Ajq

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:41:37 +01:00
Fabrice Fontaine
04b9f65f11 package/libseccomp: set LIBSECCOMP_CPE_ID_VALID
cpe:2.3:a:libseccomp_project:libseccomp is a valid CPE identifier for
this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibseccomp_project%3Alibseccomp

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:41:28 +01:00
Fabrice Fontaine
8cdab4fc4a package/rpm: add RPM_CPE_ID_VENDOR
cpe:2.3:a:rpm:rpm is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Arpm%3Arpm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:41:09 +01:00
Fabrice Fontaine
88053c3bae package/live555: add CPE variables
cpe:2.3:a:live555:streaming_media is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alive555%3Astreaming_media

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:40:57 +01:00
Fabrice Fontaine
1032d583f8 package/irssi: add IRSSI_CPE_ID_VENDOR
cpe:2.3:a:irssi:irssi is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Airssi%3Airssi

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:40:15 +01:00
Fabrice Fontaine
70c0ebf293 package/mpg123: add MPG123_CPE_ID_VENDOR
cpe:2.3:a:mpg123:mpg123 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ampg123%3Ampg123

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-03 13:39:38 +01:00